1. Field of the Invention
The present invention relates to a method for accessing a home-network using a home-gateway and a home-portal server, and more particularly, to a method for accessing a home-network, in which a home network system linked to a home-gateway is accessed in relation to a home-portal service, and an apparatus thereof. The present application is based on Korean Patent Application No. 2000-72126, which is incorporated herein by reference.
2. Description of the Related Art
Generally, a home-network is established in an environment such as a house or small-sized office, and linked to the Internet. An external user controls various apparatuses linked to the home-network through the Internet.
Referring to FIG. 1, home-network apparatuses 140 and 150 linked to a home-network 130 are linked to the Internet 100 through a home-gateway 120. The home-gateway 120 has limited open Internet Protocol (IP) addresses and mediates the home-network apparatuses 140 and 150 having private IP addresses in order to access sites linked to the Internet 100. At this time, only one open IP address is assigned to the home-gateway 120, and private IP addresses which cannot be externally recognized are assigned to the home-network apparatuses 140 and 150 linked to the home-network 130. Therefore, when the home-network apparatuses 140 and 150 linked to the home-network 130 want to receive information from the outside, the home-gateway 120 should convert the private IP addresses of the home-network apparatuses 140 and 150 into its open IP addresses using network address translation (NAT). The Internet Service Provider (ISP) 110 provides Internet access services to the home-gateway 120.
Referring to FIG. 2, the home-gateway 120 includes an external network interface 212 for forming a communication channel to link the external Internet, a home-network interface 214 for forming a communication channel to link a home-network 130, an open IP layer 211 corresponding to the external network interface and a private IP layer 213 corresponding to the home-network interface 214. The open IP layer 211 uses a dynamic open IP address, while the private IP layer 213 uses a private IP address. An IP address converting unit 210 relays a packet transmission, by converting an open IP address input from the open IP layer 211 to a private IP address or converting a private IP address input from the private IP layer 213 to an open IP address.
Referring to FIG. 3, an ordinary enterprise network uses a virtual private network (VPN) technology with which a computer 310 linked to the Internet 100 accesses an in-office server 311 linked to an in-office network 300 which is protected from the Internet 100 by a firewall system 312.
The external computer 310 accesses the firewall system 312 through communication channels 301 and 303 linked to the Internet 100, and if authentication is successfully carried out, a virtual communication channel 304 to the in-office network 300 is formed. This virtual channel is actually implemented using various communication channels 303, 100, 301, and 302, but, by additionally using a software tunneling technology, the virtual channel operates as if it were directly connected to the in-office network 300.
Referring to FIG. 4, the external computer 310 forms a virtual channel by generating a virtual interface 411 to be linked to a virtual network interface 412 inside the firewall system 312 through physical communication channels 303, 100, and 301.
The firewall system 312 has a routing unit 413 which connects a network channel 302 for linking the virtual network interface 412 to the in-office network 300, and forms an internal communication channel 401 through the routing unit 413. A virtual channel, which makes the external computer 310 look directly connected to the in-office network 300, is formed by adding this internal communication channel 401 and the virtual channel 400.
However, in NAT, which is a conventional Internet sharing technology, the home-network apparatuses 140 and 150 can operate normally only when an access request from an external apparatus exists. Also, when a user accesses the home-network apparatuses 140 and 150 linked to the home-network 130 from outside, the following problems exist.
First, the open IP address of the home-gateway 120 does not have a permanently fixed value, for economic reasons. That is, since the range of open IP addresses is limited and the number of user systems to be supported is great, most ISPs 110 manage predetermined IP addresses in the form of a pool and dynamically assign an address only when a user system requires one. Therefore, the existing open IP address assigning method poses no problem for simply realizing an Internet sharing function in a home-network, but if a user wants to control the home-network apparatuses 140 and 150 linked to the home-network 130 from the outside, the user cannot easily find the open IP address of the home-network to be controlled.
Meanwhile, even when the address of the home-gateway 120 that is an entrance to the home-network 130 is determined, there are many limitations in accessing the home-network apparatuses 140 and 150 inside the home-network 130. That is, since the internal home-network apparatuses 140 and 150 use private IP addresses, when an external network apparatus such as the computer 310 transmits data using the private IP address, routing in the Internet cannot be performed normally. Also, since only the header part of a packet is modified when the NAT technology is used, application programs which describe the IP addresses of a source and a destination in the payload part of a packet do not operate normally. Therefore, a separate program corresponding to each application program should be used in the gateway to process input data. Also, though the VPN technology is intended to allow access to an internal network with little expense and guaranteed security, the VPN technology is designed to operate only when a client knows in advance the IP address of a VPN server to be accessed, in order to keep a high level of security, and so far has never been applied to the home-network field.
To solve the above problems, it is an object of the present invention to provide a method for accessing a home-network in which a user accesses a home-portal server from an arbitrary external system, and then accesses the home-network, using the collected open IP address of the home-gateway, in order to remotely control various systems linked to the home-network.
It is another object to provide a home-network access system to which the home-network access method is applied.
To accomplish the above object of the present invention, there is provided a method for accessing a home-network, in a network access method of a network system in which an open Internet Protocol (IP) address is used for an external network and a private IP address is provided for an internal network resource, the method for accessing the home-network having the steps of (a) collecting user information and an open IP address from the network system; (b) authenticating an authorized user, who wants to access an internal network resource, based on the user information and open IP address collected in the step (a); and (c) providing the open IP address to the user authenticated in the step (b) so that a virtual network between the authenticated user and the internal network resource that the user wants to use is established.
To accomplish another object of the present invention, there is also provided an apparatus for accessing a home-network in a network system having a gateway, which has user information and an open IP address, for mediating internal network resources having private IP addresses and access to the Internet, and a home-portal server for communicating authentication data with a user apparatus using the open IP address received in the gateway, in which the home-portal server has an information storage unit for storing user-related information; an address monitoring unit for collecting user information and open IP addresses from the gateway, then determining whether or not the user information is valid, and storing the open IP address corresponding to the user information in the information storage unit; and an authentication server unit for referring to user information stored in the information storage unit, in response to the authentication request from the user apparatus, and, if the user is authorized, providing the open IP address stored in the information storage unit to the user apparatus.
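The three units of the home-portal server described above can be modelled as follows. This is an added example, not code from the patent: the class and function names, the record layout, the HMAC-plus-sequence-number check used to decide whether a gateway report is valid, and the PBKDF2 password check are all assumptions chosen for illustration. The addresses used with it should be constructed documentation addresses.

```python
import hashlib
import hmac
import os

def gateway_tag(key, user_id, open_ip, seq):
    """Gateway side: MAC over an address report (assumed scheme, not from the patent)."""
    msg = f"{user_id}|{open_ip}|{seq}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def _pw_hash(password, salt):
    # Salted, slow hash so the stored value is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class HomePortalServer:
    def __init__(self):
        self._store = {}  # information storage unit: user_id -> record (assumed layout)

    def enroll(self, user_id, password, gateway_key):
        salt = os.urandom(16)
        self._store[user_id] = {"salt": salt, "pw": _pw_hash(password, salt),
                                "key": gateway_key, "open_ip": None, "seq": 0}

    def report_address(self, user_id, open_ip, seq, tag):
        """Address monitoring unit: store the open IP only if the report is valid."""
        rec = self._store.get(user_id)
        if rec is None:
            return False
        expected = gateway_tag(rec["key"], user_id, open_ip, seq)
        if not hmac.compare_digest(expected, tag):
            return False  # report not produced by this user's gateway
        if seq <= rec["seq"]:
            return False  # stale report: the old address may be reassigned by the ISP pool
        rec["open_ip"], rec["seq"] = open_ip, seq
        return True

    def authenticate(self, user_id, password):
        """Authentication server unit: release the open IP only to an authorized user."""
        rec = self._store.get(user_id)
        if rec is None:
            return None
        if not hmac.compare_digest(_pw_hash(password, rec["salt"]), rec["pw"]):
            return None
        return rec["open_ip"]
```

The sequence check matters because open IP addresses are assigned dynamically from a pool: a replayed old report would otherwise direct an authenticated user to an address that no longer belongs to the home-gateway.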